[Buildroot] [git commit] package/libselinux: set the config_lsm kernel config option to selinux

Thomas Petazzoni thomas.petazzoni at bootlin.com
Fri Sep 4 13:43:21 UTC 2020


commit: https://git.buildroot.net/buildroot/commit/?id=b5bb766ff2585fca652e3fd112e9a5d7905c8981
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Currently, the libselinux package sets the CONFIG_DEFAULT_SECURITY_SELINUX
kernel option. However, as of kernels >= 5.1, this option is superseded in
favor of the CONFIG_LSM option, a comma-separated list of LSMs the kernel
should initialize in order.

As the previous behavior of this package sets the kernel's default and only
LSM to initialize to SELinux, it is safe to set this string to just selinux.
If the user wants additional LSM's, they may do so with a custom kernel config.

Signed-off-by: Adam Duskett <Aduskett at gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
 package/libselinux/libselinux.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index f7397141d5..521dbaaba8 100644
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -111,6 +111,7 @@ define LIBSELINUX_LINUX_CONFIG_FIXUPS
 	$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_NETWORK)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SELINUX)
+	$(call KCONFIG_SET_OPT,CONFIG_LSM,"selinux")
 endef
 
 $(eval $(generic-package))


More information about the buildroot mailing list